Mounting fully encrypted hard disk.

While testing Oneiric on a separate disk, I wanted to get some files off my laptop’s hard drive which is hosting my normal Natty’s install. Keeping with a previous setup, I had installed my laptop with a fully encrypted hard disk, using the alternate CD, so I needed a procedure to do this manually.

Previously, I had tested booting the Natty LiveCD and, to my enlightened surprise, the Livce CD did see the encrypted HD and proceeded to ask for the passphrase in order to mount it. But this time, I’m not running off the LiveCD, but from a complete install which is on a separate hard drive. Since it took me a while to locate the proper procedure, I thought that I would help google a bit so it is not so deep in the pagerank for others next time. But first, thanks to UbuntuGeek’s article Rescue and encrypted LUKS LVM volume for providing the solution.

Since creating an encrypted Home directory is easily achieved with standard installation methods, there are many references to how to achieve it for encrypted private directory. Dustin Kirkland’s blog is a very good source of information on those topics. But dealing with an encrypted partition requires a different approach. Here it is (at least for an encrypted partition done using the Ubuntu alternate DVD) :

First of all, you need to make sure that lvm2 and cryptsetup packages are installed. If not, go ahead and install them

# sudo aptitude install cryptsetup lvm2

Then verify if the dm-crypt module is loaded and load it if it is not

# sudo modprobe dm-crypt

Once this is done, open the LUKS partition (using your own encrypted partition name) :

# sudo cryptsetup luksOpen /dev/sda3 crypt1

You should have to provide the passphrase that is used to unlock your crypted partition here.

Once this is done, you must scan for the LVM volume groups :

# sudo vgscan –mknodes # sudo vgchange -ay

There, you should get the name of the volume group that will be needed to mount the encrypted partition (which happens to be configured as an LVM volume). You can now procede to mount your partition (changing {volumegroup} with the name that you collected in the previous command ) :